Example 1 with MethodSecurityMetadataSourceAdvisor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method targetShouldAllowProtectedMethodInvocationWithCorrectRole.
@Test
public void targetShouldAllowProtectedMethodInvocationWithCorrectRole() {
loadContext();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
SecurityContextHolder.getContext().setAuthentication(token);
target.someUserMethod1();
// SEC-1213. Check the order
Advisor[] advisors = ((Advised) target).getAdvisors();
assertThat(advisors.length).isEqualTo(1);
assertThat(((MethodSecurityMetadataSourceAdvisor) advisors[0]).getOrder()).isEqualTo(1001);
}
Also used :
MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)
Advised(org.springframework.aop.framework.Advised)
Advisor(org.springframework.aop.Advisor)
MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Test(org.junit.Test)
Example 2 with MethodSecurityMetadataSourceAdvisor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance.
// Expression configuration tests
@SuppressWarnings("unchecked")
@Test
public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
AffirmativeBased adm = (AffirmativeBased) appContext.getBeansOfType(AffirmativeBased.class).values().toArray()[0];
List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi.getAdvice()).getAfterInvocationManager();
PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler")).isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
}
Also used :
PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider)
MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)
AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager)
AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased)
ArrayList(java.util.ArrayList)
List(java.util.List)
PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)
Test(org.junit.Test)
Example 3 with MethodSecurityMetadataSourceAdvisor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor in project spring-security by spring-projects.
the class GlobalMethodSecurityBeanDefinitionParserTests method runAsManagerIsSetCorrectly.
@Test
public void runAsManagerIsSetCorrectly() throws Exception {
StaticApplicationContext parent = new StaticApplicationContext();
MutablePropertyValues props = new MutablePropertyValues();
props.addPropertyValue("key", "blah");
parent.registerSingleton("runAsMgr", RunAsManagerImpl.class, props);
parent.refresh();
setContext("<global-method-security run-as-manager-ref='runAsMgr'/>" + AUTH_PROVIDER_XML, parent);
RunAsManagerImpl ram = (RunAsManagerImpl) appContext.getBean("runAsMgr");
MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
assertThat(ram).isSameAs(FieldUtils.getFieldValue(msi.getAdvice(), "runAsManager"));
}
Also used :
MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)
StaticApplicationContext(org.springframework.context.support.StaticApplicationContext)
MutablePropertyValues(org.springframework.beans.MutablePropertyValues)
RunAsManagerImpl(org.springframework.security.access.intercept.RunAsManagerImpl)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)3
MethodSecurityMetadataSourceAdvisor (org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)3
ArrayList (java.util.ArrayList)1
List (java.util.List)1
Advisor (org.springframework.aop.Advisor)1
Advised (org.springframework.aop.framework.Advised)1
MutablePropertyValues (org.springframework.beans.MutablePropertyValues)1
StaticApplicationContext (org.springframework.context.support.StaticApplicationContext)1
AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager)1
RunAsManagerImpl (org.springframework.security.access.intercept.RunAsManagerImpl)1
PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider)1
PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)1
AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1
